Example 4: Server are manageable only by admins

Here we want to give access to the servers only by admins. All other hosts are fully accessible by connected users from group but not from admins. Anonymous or other users cannot do anything.

policies.yml

---

- description: Servers are restricted to admin only.
  hosts:
    - +^srv\d\d.*
  default: Deny
  policies:
    - members:
        - administrators
      rules:
        any:
          Allow:

- description: All other hosts are open to group, else deny.
  hosts:
    - +.*
  default: Deny
  policies:
    - members:
        - users
      rules:
        any:
          Allow:

...

groups.yml

---
users:
  - jre
  - sve
  - cjo
  - mgr

administrators:
  - rda
  - mal
...